top of page

UK to increase funding for Ukraine Cyber Programme

Last year, the Foreign Office confirmed that UK cyber security capabilities were being deployed in Ukraine. This month, Downing Street have pledged to increase the funding from £6 million to £16 million. So what does this mean for the UK?

Last year during the publishing of the NCSC annual review, the UK government publicly confirmed the existence of the Ukraine Cyber Programme, which had been operating since February 2022, coinciding with the initial invasion of Ukraine.

The initial tranche of the programme involved providing hardware and software to Ukraine, preventing unauthorised access to vital networks, and providing incident response capabilities to eradicate and recover from intrusions.

From the initial delivery, it can be observed that this first tranche was attempting to stabilise Ukrainian infrastructure as Russia launched cyber campaigns alongside their physical attacks.

This month, the second tranche indicates that Ukraine have stabilised and are now looking to push back.

Within the publicly announced use of the increased spending is the provision of digital forensics. This capability helps to enable Ukrainian cyber 'experts to analyse system compromises, attribute threat actors and build better evidence to prosecute'. This type of activity would not have been a priority one year ago.

For the UK, the initial announcement of the Ukraine Cyber Programme caused long standing backlash from Russian aligned cyber threats. This month, eight months after the announcement, threat actors such as NoName057(16) launched DDoS attacks at the UK government and Transport For London.

They claim these campaigns are in defence of Russia and refer to the UK as Russophobic. The announcement to double the financial support to Ukraine is likely to renew the backlash, and is likely to bring the UK back into focus as a target.



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page